fix(core): Password reset should pass in the correct values to external hooks (#5842)

This commit is contained in:
कारतोफ्फेलस्क्रिप्ट™ 2023-03-30 16:44:39 +02:00 committed by GitHub
parent d0788ee8e1
commit 5bcab8fcbe
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 2 deletions

View file

@ -255,8 +255,10 @@ export class PasswordResetController {
throw new NotFoundError('');
}
const passwordHash = await hashPassword(validPassword);
await this.userRepository.update(userId, {
password: await hashPassword(validPassword),
password: passwordHash,
resetPasswordToken: null,
resetPasswordTokenExpiration: null,
});
@ -279,6 +281,6 @@ export class PasswordResetController {
});
}
await this.externalHooks.run('user.password.update', [user.email, password]);
await this.externalHooks.run('user.password.update', [user.email, passwordHash]);
}
}

View file

@ -15,6 +15,7 @@ import {
} from './shared/random';
import * as testDb from './shared/testDb';
import { setCurrentAuthenticationMethod } from '@/sso/ssoHelpers';
import { ExternalHooks } from '@/ExternalHooks';
jest.mock('@/UserManagement/email/NodeMailer');
@ -22,6 +23,7 @@ let globalOwnerRole: Role;
let globalMemberRole: Role;
let owner: User;
let authlessAgent: SuperAgentTest;
let externalHooks = utils.mockInstance(ExternalHooks);
beforeAll(async () => {
const app = await utils.initTestServer({ endpointGroups: ['passwordReset'] });
@ -37,6 +39,7 @@ beforeEach(async () => {
owner = await testDb.createUser({ globalRole: globalOwnerRole });
config.set('userManagement.isInstanceOwnerSetUp', true);
externalHooks.run.mockReset();
});
afterAll(async () => {
@ -221,6 +224,11 @@ describe('POST /change-password', () => {
const comparisonResult = await compare(passwordToStore, storedPassword);
expect(comparisonResult).toBe(true);
expect(storedPassword).not.toBe(passwordToStore);
expect(externalHooks.run).toHaveBeenCalledWith('user.password.update', [
owner.email,
storedPassword,
]);
});
test('should fail with invalid inputs', async () => {
@ -276,5 +284,7 @@ describe('POST /change-password', () => {
});
expect(response.statusCode).toBe(404);
expect(externalHooks.run).not.toHaveBeenCalled();
});
});